Hi,
I'm still planning the Checkpoint -> pfSense migration, and I'm now at
the Outbound NAT part. In our current Checkpoint, every single NAT is
manually defined. It is a bit cumbersome and I doubt this adds to
security because we have default deny rules everywhere, ingress/egress.
What are the best practices for Outbound NAT? I have one WAN and 9
networks on the LAN side. Within most of my LAN networks, I don't NAT,
but I do NAT with one of them. I also need to NAT to go out on the
internet, via WAN. So, basically, I need Outbound NAT for WAN and for
this one network that I need to NAT.
One of my questions is: should I leave Automatic outbound NAT rule
generation or use Manual rules? From what I can see, the automatic
rules are only to access the internet, which is fine because I'll only
allow what I want with firewall rules. No matter if I go automatic or
not, I'll need a few rules that I can create for my LAN network that
needs NAT.
Just thinking aloud, but I'd be glad to know if my thinking sounds right.
Thanks,
Ugo